<?php
/*

SHOPPERPRESS DEVELOPED BY MARK FAIL
http://www.markfail.com
http://www.shopperpress.com

Follow on twitter: http://www.twitter.com/markfail
Follow on twitter: http://www.twitter.com/shopperpress

*/

/**
* Info: Redirects none-admin users back to the website (not the admin dashboard)
* 		
* @version  1.0
*/
function cp_redirect($redirect_to, $request_redirect_to, $user) {
	if (is_a($user, 'WP_User') && $user->has_cap('level_3') === false) {
		return get_bloginfo('wpurl'); 
	}
	return $redirect_to;
}

/**
* Info: custom website login / register pages
* 		
* @version  1.0
*/
function cp_login_init() {
	require( ABSPATH . '/wp-load.php' );
		
	if (isset($_REQUEST["action"])) {
		$action = $_REQUEST["action"];
	} else {
		$action = 'login';
	}
	
	switch($action) {
		case 'lostpassword' :
		case 'retrievepassword' :
			cp_password();
			break;
		case 'register':
			cp_show_register();
			break;
		case 'login':
		default:
			cp_show_login();
			break;
	}
	die();
}

/**
* Info: creates error display for customer pages
* 		
* @version  1.0
*/

function cp_show_errors($wp_error) {
	global $error;
	
	if ( !empty( $error ) ) {
		$wp_error->add('error', $error);
		unset($error);
	}

	if ( !empty($wp_error) ) {
		if ( $wp_error->get_error_code() ) {
			$errors = '';
			$messages = '';
			foreach ( $wp_error->get_error_codes() as $code ) {
				$severity = $wp_error->get_error_data($code);
				foreach ( $wp_error->get_error_messages($code) as $error ) {
					if ( 'message' == $severity )
						$messages .= '	' . $error . "<br />\n";
					else
						$errors .= '	' . $error . "<br />\n";
				}
			}
			if ( !empty($errors) )
				echo '<p id="login_error">' . apply_filters('login_errors', $errors) . "</p>\n";
			if ( !empty($messages) )
				echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
		}
	}
}


/**
* Info: generates template header
* 		
* @version  1.0
*/

function cp_head($cp_msg) {

	global $pagenow, $user_ID, $cp_options;

	include(TEMPLATEPATH . '/header.php');	 
 
}
/**
* Info: generates template footer
* 		
* @version  1.0
*/
function cp_footer() {

	global $pagenow, $user_ID, $cp_options;

	if ($pagenow == "wp-login.php") {
			// Show the appropriate options
			echo '<div id="cpnav">'."\n";
			if (isset($_GET['action']) && $_GET['action'] != 'login') 
				echo '<a href="'.site_url('wp-login.php', 'login').'">'.__('Log in','cp').'</a><br />'."\n";
			if (get_option('users_can_register') && $_GET['action'] != 'register')
				echo '<a href="'.site_url('wp-login.php?action=register', 'login').'">'.__('Register','cp').'</a><br />'."\n";
			if ($_GET['action'] != 'lostpassword')
				echo '<a href="'.site_url('wp-login.php?action=lostpassword', 'login').'" title="'.__('Password Lost and Found','cp').'">'. SPEC($GLOBALS['_LANG']['_lostpassword']).'</a></li>'."\n";		
			echo '</div>'."\n";

			// autofocus the username field  ?>
			<script type="text/javascript">try{document.getElementById('user_login').focus();}catch(e){}</script>
		<?php		
	}
 
	include(TEMPLATEPATH . '/footer.php');
}


function cp_show_login() {

	if ( isset( $_REQUEST['redirect_to'] ) )
		$redirect_to = $_REQUEST['redirect_to'];
	else
		$redirect_to = admin_url();

	if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
		$secure_cookie = false;
	else
		$secure_cookie = '';

	$user = wp_signon('', $secure_cookie);
	if($redirect_to == ""){ $redirect_to = admin_url(); }
	$redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);

	if ( !is_wp_error($user) ) {
		// If the user can't edit posts, send them to their profile.
		if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
			$redirect_to = admin_url('profile.php');
		wp_safe_redirect($redirect_to);
		exit();
	}

	$errors = $user;
	// Clear errors if loggedout is set.
	if ( !empty($_GET['loggedout']) )
		$errors = new WP_Error();

	cp_head(__('Login','cp'));	

	// If cookies are disabled we can't log in even with a valid user+pass
	if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
		$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a>.",'cp'));		
	if	( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )			$errors->add('loggedout', __(SPEC($GLOBALS['_LANG']['_zz7']),'cp'), 'message');
	elseif	( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )	$errors->add('registerdisabled', __(SPEC($GLOBALS['_LANG']['_zz8']),'cp'));
	elseif	( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )	$errors->add('confirm', __(SPEC($GLOBALS['_LANG']['_zz9']),'cp'), 'message');
	elseif	( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )	$errors->add('newpass', __(SPEC($GLOBALS['_LANG']['_zz10']),'cp'), 'message');
	elseif	( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )	$errors->add('registered', __(SPEC($GLOBALS['_LANG']['_zz11']),'cp'), 'message');


	echo cp_show_errors($errors); ?>

	<h2 class="h2top"><?php echo SPEC($GLOBALS['_LANG']['_login_title']); ?></h2>
			
		<form class="loginform" action="<?php bloginfo('wpurl'); ?>/wp-login.php" method="post" >
 
		<p>
			<label for="user_login"><?php echo SPEC($GLOBALS['_LANG']['_username']); ?>:</label>
			<input name="log" value="<?php echo attribute_escape(stripslashes($_POST['log'])); ?>" class="mid" id="user_login" type="text" />
			<br/>
			<label for="user_pass"><?php echo SPEC($GLOBALS['_LANG']['_password']); ?>:</label>
			<input name="pwd" class="mid" id="user_pass" type="password" />
			<br/>
		</p>
		
		<div id="checksave">
			<input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" checked="checked"/>
			<label for="rememberme"><?php echo SPEC($GLOBALS['_LANG']['_remember']); ?></label>
			
		<p class="submit">
			<input type="submit" class="lbutton" name="wp-submit" id="wp-submit" value="<?php echo SPEC($GLOBALS['_LANG']['_login']); ?> &raquo;" />
			<input type="hidden" name="testcookie" value="1" />
		</p>
		</div>
	</form>
			
<?php	
	cp_footer();
}


function cp_show_register() {
	global $cp_pluginpath, $cp_options;
	if ( !get_option('users_can_register') ) {
		wp_redirect(get_bloginfo('wpurl').'/wp-login.php?registration=disabled');
		exit();
	}

	$user_login = '';
	$user_email = '';
   
	if ( isset($_POST['user_login']) ) {
		if( !$cp_options['captcha'] || ( $cp_options['captcha'] && ($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code']) ) ) 
			) {
			unset($_SESSION['security_code']);
			require_once( ABSPATH . WPINC . '/registration.php');

			$user_login = $_POST['user_login'];
			$user_email = $_POST['user_email'];
			$errors = register_new_user($user_login, $user_email);
			if ( !is_wp_error($errors) ) {
				wp_redirect('wp-login.php?checkemail=registered');
				exit();
			}
		} else {
			$user_login = $_POST['user_login'];
			$user_email = $_POST['user_email'];
			$errors = new WP_error();
			$errors->add('captcha', __("<strong>ERROR</strong>: You didn't correctly enter the captcha, please try again.",'cp'));		
		}
	}
	
	cp_head(__('Register','cp'));
	
   echo cp_show_errors($errors); ?>

<h2 class="h2top"><?php echo SPEC($GLOBALS['_LANG']['_register_title']); ?></h2>
				
	<form class="loginform" name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">
		<p>
			<label><?php echo SPEC($GLOBALS['_LANG']['_username']); ?>:</label>
			<input tabindex="1" type="text" name="user_login" id="user_login" class="mid" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20"   /><br/>
			<label><?php echo SPEC($GLOBALS['_LANG']['_c5']); ?>:</label>
			<input tabindex="2" type="text" name="user_email" id="user_email" class="mid" value="<?php echo attribute_escape(stripslashes($user_email)); ?>" size="25"   />

			<?php if ($cp_options['captcha']) { ?>
			<label>&nbsp;</label>
			<img alt="captcha" width="155" height="30" src="<?php echo $cp_pluginpath; ?>captcha.php?width=155&amp;height=30&amp;characters=5" /><br/>
			<label for="security_code"><?php echo SPEC($GLOBALS['_LANG']['_zz1']); ?></label>
			<input tabindex="3" id="security_code" name="security_code" class="input" type="text" />
			<?php } ?>

		</p>
	<div id="checksave">	
		<?php do_action('register_form'); ?>
       
		<p id="reg_passmail"><?php echo SPEC($GLOBALS['_LANG']['_zz2']); ?></p>
		<p class="submit">
        <input tabindex="4" class="lbutton" type="submit" name="wp-submit" id="wp-submit" value="<?php echo SPEC($GLOBALS['_LANG']['_register']); ?>" tabindex="100" />
        </p>
	</div>
	</form>
<?php
	cp_footer();
}



function cp_password() {
	$errors = new WP_Error();
	if ( $_POST['user_login'] ) {
		$errors = retrieve_password();
		if ( !is_wp_error($errors) ) {
			wp_redirect('wp-login.php?checkemail=confirm');
			exit();
		}
	}
	
	if ( 'invalidkey' == $_GET['error'] ) 
		$errors->add('invalidkey', __(SPEC($GLOBALS['_LANG']['_zz6']),'cp'));

	$errors->add('registermsg', __(SPEC($GLOBALS['_LANG']['_zz5']),'cp'), 'message');
	do_action('lost_password');
	do_action('lostpassword_post');
	cp_head("Lost Password");

	echo cp_show_errors($errors); ?>

<h2 class="h2top"><?php echo SPEC($GLOBALS['_LANG']['_lostpassword']); ?></h2>
				
	<form class="loginform" name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
		<p>
			<label><?php echo SPEC($GLOBALS['_LANG']['_zz3']); ?></label>
			<input type="text" name="user_login" id="user_login" class="mid" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" />
		</p>
		
	<div id="checksave">	
		<?php do_action('lostpassword_form'); ?>
		<p class="submit"><input type="submit" class="lbutton" name="wp-submit" id="wp-submit" value="<?php echo SPEC($GLOBALS['_LANG']['_zz4']); ?>" tabindex="100" /></p>
	</div>
	</form>
<?php
	cp_footer();
}






global $pagenow; 

if ( $pagenow == "wp-login.php"  && $_GET['action'] != 'logout' && !isset($_GET['key']) ) {
	add_action('init', 'cp_login_init', 98);
	 
	 
}

// If the current user has no edit rights, redirect them to their dashboard page
add_filter('login_redirect', 'cp_redirect', 10, 3);
?>